RealTime IT News

Microsoft to Office 2003 Users - 'Our Bad'

After a sudden and heated controversy arose last week over blocking older file formats in the latest service pack of Office 2003, Microsoft late Friday all but reversed itself. Along with apologies to both users and other software makers, Microsoft also provided automated tools for restoring access to those older files.

The brouhaha began last week when a user whose online handle is time961 complained on tech gadfly site Slashdot that Office 2003 Service Pack 3 (SP3) defaults to blocking the opening or saving files in many older application file formats, including Office 97 and earlier, but also files created by CorelDraw, among others.

The reasoning behind blocking access to those formats, according to a Microsoft knowledge base (KB) article published in December, is security -- the older formats are "less secure," the document stated. "They may pose a risk to you."

Now, Microsoft has admitted those statements were in error.

Although SP3 began shipping in September, this was the first outcry over the change in Office 2003's default settings – probably because most older files are to be found in customers' archives and aren't accessed frequently. Still, that could create big problems for users who have to access those archives at a much later date – for instance, as part of a multi-year audit.

"Because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives," said the Slashdot posting.

The affair also prompted an outcry from Corel.

"Corel is not aware of any security issue related to the CorelDraw .CDR file format," Gerard Metrallier, director of graphics product management for Corel, said in a statement e-mailed to InternetNews.com. "Corel has unsuccessfully tried to figure out the basis for categorizing .CDR files as 'less secure.'"

That prompted Microsoft to scramble – apologizing profusely to vendors and users alike – and to provide tools to make it much simpler for users to access the blocked file types.

"In the KB article we stated that it was the file formats that were insecure, but this is actually not correct. A file format … isn't insecure – it's the code that reads the format that's more or less secure," David LeBlanc, senior software development engineer for Microsoft Office, said in a blog post Friday.

That means the insecurity is in Office itself, and not in the file formats. LeBlanc went on to say that the files aren't blocked permanently either – just by default, which can be undone.

In response to complaints that procedures described in the KB article require editing the Windows registry in order to re-enable access to the files, and are both complicated and risky, LeBlanc also posted links to work arounds that do the job automatically.

"You click on the link [for the file type] and it brings up a dialog box that says 'Run,' … It's very easy," a Microsoft spokesperson told InternetNews.com.

Microsoft also has an Office Online help file that describes how to re-enable those file formats in Office 2007, which has blocked those files by default since it was first released in November 2006. Unlike Office 2003, Office 2007 lets users access those files by placing them in what the company refers to as "trusted locations" – that is, by placing the files in a location that Office 2007 believes it can trust in a manner similar to Internet Explorer's "Trusted Sites" zone.